Debian LTS and ELTS - June 2023
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- openssl
  - Reference/refresh recent patches in the security tracker
  - DLA 3449-1 (4 CVEs)
    https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
- ffmpeg
  - Track fixed CVEs in past upload
  - DLA 3454-1 (4.1.10->4.1.11 upgrade, with unregistered vulnerabilities)
    https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html
- python-werkzeug/bullseye upcoming DSA
  - Review (based on my DLA 3346-1 for the same package)
- Front-Desk
  - Mark 16 packages for update
  - Triage or precise triage for 15+ CVEs
  - Request new CVE for package 'osslsigncode'
  - Clean-ups/precisions in work queue and package database
- Follow-up on upload-related issues
ELTS
- sysstat
  - ELA-866-1 (1 CVE)
    https://www.freexian.com/lts/extended/updates/ela-866-1-sysstat/
- Front Desk
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (emacs*, golang*, netty*, openssl*,
    php*, python*, tomcat*)
  - Mark 11 supported packages for update
  - Triage or precise triage for 10+ CVEs
  - Clean-ups/precisions in work queue
Documentation and tooling
- Continue discussion on making stable-security build logs public
  after package release, now involving other teams
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51
  https://lists.debian.org/debian-lts/2023/06/msg00001.html
- Tooling: continue to revamp work queue report ('find-work')
  (private tooling planned to be made public)
  - Continue clean-up and finish review processes
  - Convert work queues (dla_needed.txt, ela_needed.txt) to drop
    duplicate information
  - Display warning if the Debian package maintainer requests
    involvement in LTS uploads (from 'data/packages/lts-do-call-me')
  - Display age in the work queue for each planned upload
- LTS Documentation
  - TestSuites: ffmpeg: refresh for buster
    https://lts-team.pages.debian.net/wiki/TestSuites/ffmpeg.html
  - TestSuites: golang: refresh uploads involving reverse-dependencies
    https://lts-team.pages.debian.net/wiki/TestSuites/golang.html#finding-reverse-build-dependencies
  - TestSuites: refresh index, fix mark-up
    https://lts-team.pages.debian.net/wiki/TestSuites.html
    https://lts-team.pages.debian.net/wiki/TestSuites/php.html
  - Development: drop coordinator work from front-desk section,
    update/simplify 'package-operations' documentation,
    clarify debian-archive-keyring rationale
    https://lts-team.pages.debian.net/wiki/Development.html
- Guide non-security LTS upload from non-team contributor
  https://bugs.debian.org/1039489
- Continue internal discussions on packages claimfiles format/workflow
- Jitsi team meeting
--
Sylvain Beucler
Debian LTS Team